Consistency-Based Fault Isolation for Uncertain Systems
with Applications to Quantitative Dynamic Models

Colin N. Jones and Gregory W. Bond and Peter D. Lawrence


Abstract. This paper presents the Probabilistic General Diagnostic
Engine (PGDE), a novel method of offline consistency-based fault
isolation. Many existing proposals require qualitative logic models
for consistency-based diagnosis due to their ability to speed the
search for conflict sets through the use of an ATMS. However, for
many applications, quantitative dynamic models are preferred or
already available. The key strength of the PGDE is that it allows the
use of any modelling language for which an appropriate calculation
engine can be written. It also offers graceful degradation in the
presence of uncertainty, commonly caused by noise or modelling errors.
Finally, given perfect knowledge, it can be shown that the PGDE
computes the same result as existing consistency-based diagnosis
methods. To demonstrate the performance of the algorithm, we have used
a quantitative dynamic model of the fluid power circuit of a
single-degree of freedom hydraulic test bench and developed an
appropriate calculation engine for computing consistency between
measured values and predicted results. Various failures were generated
on the physical test bench and the PGDE isolated the faults with
approximately 85% accuracy.

1 INTRODUCTION

Consistency-based diagnosis has at its heart the search for a subset of
the full model such that predictions made using the subset are
consistent with sensor measurements. This search space is exponential
in the number of model components and so a great deal of attention
has been given to developing efficient algorithms. Much progress has
been made by utilizing the properties of propositional logic and
qualitative models ([10, 8, 1] to name a few) but the problems
associated with more complex dynamic systems have still to be solved in
general. The Probabilistic General Diagnostic Engine (PGDE) addresses
some of these issues in a general framework that applies to any model
for which an appropriate “consistency measure” can be formulated.

There are many devices for which quantitative dynamic models
either already exist or whose behavior can best be described by a set
of differential equations. The cost of developing qualitative models
exclusively for the purpose of diagnosis is prohibitive, thus making
the adaptation of qualitative methods to quantitative dynamic models
an important topic. Models of this type present two new challenges
to the diagnostician: First, quantitative dynamic models require the
comparison of sets of signals to determine consistency. Due to noise
and modelling errors, it can be difficult to represent the results of
these comparisons by the discrete values typically used in qualitative
methods. Second, the nature of dynamic systems is that they often
have states which are not directly measurable. When the model is
simulated using only the equations from a few components, it is often
the case that many of the states will become unknown. If no conflict
is observed, we reason that a possible diagnosis has been identified,
however, it is impossible to know if there would have been a conflict
if these states had been known. As a result, the underconstrained
nature of dynamic systems reduces the resolution of fault isolation
procedures and this must be taken into account in any diagnostic method
dealing with these models.

The PGDE algorithm attempts to deal with these difficulties by
maintaining a belief distribution for each possible diagnosis. Since
these distributions are not limited to discrete-valued consistency
measures, the PGDE is able to more accurately interpret intermediate
non-boolean consistency assessments. They are also updated
throughout the duration of the diagnostic procedure, and conclusions
about the consistency of sets of components with observations are
not drawn until sufficient information has been processed. In
Section 2, the proposed algorithm is laid out in a step-by-step fashion,
including consideration of its computational complexity in Section
2.5. Next, Section 3 presents a non-trivial example hydraulic circuit
and summarizes some diagnostic results obtained by the PGDE.
Finally, the paper closes with a discussion of conclusions and future
directions of research in Section 4.

2 PGDE ALGORITHM

The model used in a consistency-based algorithm is a set of
constraints on the signals passing through the system. A failure can be
declared when these signals are inconsistent with the constraints. The
goal of the algorithm is then to locate a subset of these constraints,
which when removed from the model, restore consistency between
the predicted and observed behavior. This process can proceed in an
iterative manner, selecting a set of constraints to remove and
simulating the system until a feasible set is found.

We begin by defining the system as in [7]:

Definition 1 A system is a triple (SD, COMPS, OBS) where:

1. the components (COMPS) are a finite set of constants

2. the system description (SD) is a set of constraints

3. the observations (OBS) are measurements of the physical device

There is no requirement that there be a one-to-one mapping
from components to constraints and so a partition $\{SD_c\}_{c \in COMPS}$
is defined covering $SD$ such that $\bigcup_{c \in COMPS} SD_c = SD$ and
$SD_{c_i} \cap SD_{c_j} = \emptyset\ \forall c_i \neq c_j$. The set of all
possible failures is given by the power set of COMPS and for each
element $A \in P(COMPS)$, define $SD_A = \bigcup_{c \in A} SD_c$. This
allows the definition of components which contain large numbers of
constraints or complex behaviors as well as hierarchies of components.
The cardinality of a set of constraints $X \subseteq SD$ is written as
$|X|$; it is a system-dependent real number, representing the notion of
how “large” the set $X$ is when compared to $SD$.

Reiter’s original work [7] relies on a ‘theorem prover’,
$TP(SD, D(A, COMPS \setminus A), OBS)$, which returns true if the
partial model containing only the constraints in the complement of
$SD_A$, $(SD_A)^c$, is consistent with the observations OBS and false
otherwise; consistency implying that the components $A$ are a possible
diagnosis. Here the theorem prover is redefined to return a continuous
measure of how consistent the constraints $(SD_A)^c$ are with the
observations OBS. It is possible that the system defined by $(SD_A)^c$
with OBS as inputs may be underconstrained. Thus, for some of the
constraints in $(SD_A)^c$, it is impossible to verify if they have, or have
not, been violated. If this system is consistent then it is not valid to
say that $A$ is a diagnosis as the faults might have been in the
constraints that could not be tested. This situation is very common in
dynamic systems with state as they are inherently underconstrained
[4]. To deal with this, the constraints which were used during the
simulation of $(SD_A)^c$ are returned by $TP(\cdot)$ as defined below.

Definition 2 Let $A \in P(COMPS)$. Define the function
$TP(\cdot, \cdot) : SD \times OBS \to \mathbb{R} \times SD$ as:

$(\mu_A, \mathcal{A}_A) = TP((SD_A)^c, OBS)$

Where:

• $\mu_A \in [0, 1]$, 1 implies constraints $(SD_A)^c$ are consistent with
  the observations OBS, and 0 implies inconsistency

• $\mathcal{A}_A \subseteq (SD_A)^c$ are the constraints which $TP(\cdot)$ had
  sufficient information to apply during the calculation of $\mu_A$

Two belief distributions over the states {true, false, unknown} are
maintained for each element $A \in P(COMPS)$. These are represented
by the probability mass functions $B_{D,A}(x)$ and $B_{IC,A}(x)$
with domains {true, false, unknown}. $B_{D,A}(true)$ is the belief
that the evidence, provided by calls to $TP(\cdot)$, shows that $A$ is a
diagnosis. $B_{D,A}(false)$ is the belief that the evidence does not show
that $A$ is a diagnosis. It does not mean that the evidence does show
that $A$ is not a diagnosis as consistency can only incriminate
components, it cannot exonerate them [7]. Finally, $B_{D,A}(unknown)$ is the
probability that it is unknown what the evidence shows, or that there
is no evidence. If $\mu_A = 0$ then at least one component of $A^c$ must
be faulty and we call $A^c$ a conflict set [7] and $A$ an inverse conflict.
$B_{IC,A}(true)$ is the belief that the evidence shows that $A$ is an inverse
conflict, $B_{IC,A}(false)$ that it doesn’t and $B_{IC,A}(unknown)$ that the
evidence is unclear.

Initially, all the beliefs are 100% unknown
($B_{D,A}(x) = B_{IC,A}(x) = \{0.0, 0.0, 1.0\}$). In each iteration, a call
is made to $TP(\cdot)$ to check if a new set of constraints, $(SD_A)^c$, is
consistent with the observations, OBS. The distributions are then
updated to reflect the simulator’s certainty in the consistency of each
set of components, again with the observations. In this way, the
diagnostic engine determines the components that are most likely to be
faulty, as well as a measure of its confidence in these decisions.

A block diagram of the PGDE is shown in Figure 1. The following
sections deal with each stage of the algorithm in detail in the order:
updating the beliefs (steps 3 and 4), choosing a new set to test for
consistency via $TP(\cdot)$ (step 1), deciding when to stop and interpreting
the final belief distributions (steps 5 and 6).

2.1 Belief update

Once a possible diagnosis, $A$, has been selected, $TP(\cdot)$ is used to find
the consistency measure, $\mu_A$, and the constraints which were used to
compute it, $\mathcal{A}_A$. The goal is to determine what the consistency
measure has shown about each of the subsets of COMPS, using
$\mathcal{A}_A$ as a guide. Assuming no fault models, two properties of
constraint systems allow the consistency measure of the set $A$ to affect
the beliefs of other sets: supersets of diagnoses are diagnoses (removing
more constraints will not make the system inconsistent) and subsets of
inverse conflicts are inverse conflicts (adding constraints will not make
the system consistent). Using these facts, the supersets of $A$ are first
considered and the information derived from $\mu_A$ and $\mathcal{A}_A$ is
used to update the beliefs that they are diagnoses
($B_{D,A_P}(x)\ \forall A_P \supseteq A$). Similarly, the beliefs that the
subsets are inverse conflicts are also updated
($B_{IC,A_C}(x)\ \forall A_C \subseteq A$).

2.1.1 Update belief in diagnosis

We begin by assuming that $\mu_A = 1$, indicating that the observations
are consistent with the constraints $(SD_A)^c$. The goal is to determine
to what degree this evidence shows that each set is a diagnosis. The
first step is to locate the base set, $A_B$, for the set $(SD_A)^c$ as defined
below in Definition 3. This is the set with the most components of
which none have had any of their constraints used during the
calculation of $\mu_A$. Referring to Figure 2, in which
$TP((SD_{\{1,2,8\}})^c, OBS)$ was called, the base node is
$A_B = \{1, 2, 3, 4\}$. If $A \neq A_B$, then the constraints of at least
one component have not been considered due to the assumption that the
components in $A$ were faulty (in Figure 2 this would be component 3).
In essence, $TP(\cdot)$ cannot distinguish between any set $A'$ such that
$A \subseteq A' \subseteq A_B$, since whenever the constraints associated
with the components in $A$ are not considered, neither are those of $A_B$,
which implies that $\mu_A = \mu_{A'} = \mu_{A_B}$. This is a limitation of
the model and the placement of the sensors; as a result the best the
algorithm can do is incriminate $A_B$ and inform the user of this sensor
deficiency. Because the consistency measure would be the same for all of
the sets $A'$, such that $A \subseteq A' \subseteq A_B$, the sets are marked
and ignored in subsequent calls to $TP(\cdot)$. For certain model types these
families of sets can be identified a priori and grouped into single
components to speed the algorithm [1, 2].

Definition 3 Let $A \subseteq A_B \subseteq COMPS$. Then $A_B$ is the base set
for $A$ iff

$SD_{A_B} \cap \mathcal{A}_A = \emptyset$
$\forall A' \supset A_B,\ SD_{A'} \cap \mathcal{A}_A \neq \emptyset$

If the constraints associated with $A_B$ are not considered during
the call to $TP(\cdot)$, those in $(\mathcal{A}_A)^c \setminus SD_{A_B}$ are not
either (in Figure 2 this would be the unshaded sections of components 5
and 6). These are the constraints which were not considered that do
not make up a full component. The question is: Is the lack of conflict
during the computation of $\mu_A$ due to the constraints in $SD_{A_B}$,
those in $(\mathcal{A}_A)^c \setminus SD_{A_B}$, or some combination of the
two? The safest approach would be to say that this evidence can only
increase the belief that some set $A' \supseteq A_B$ which covers all of
$(\mathcal{A}_A)^c$ is a diagnosis ($A' = \{1, 2, 3, 4, 5, 6\}$ in the
example). However, if
$|(\mathcal{A}_A)^c \setminus SD_{A_B}| \ll |SD_{A_B}|$, this would be a very
conservative approach, in the sense that a set will never be called a
diagnosis if it cannot completely explain the observed behavior, and
multiple component failures would be returned more often than they
should. In most cases, designing models which reduce the size of
$(\mathcal{A}_A)^c \setminus SD_{A_B}$ will increase the precision of the
diagnosis and so we make the assumption that most modelers will aim for
this characteristic and as a result assume that
$|(\mathcal{A}_A)^c \setminus SD_{A_B}|$ is small compared to $|SD_{A_B}|$.

Figure 1. The PGDE Algorithm

Figure 2. Example nine component system

Under the assumption that the majority of the constraints which
were not considered during the computation of $\mu_A$ belong to $A_B$,
this evidence increases the belief that $A_B$ is a diagnosis. However,
because every superset of a diagnosis is a diagnosis, this evidence
also increases the belief that all of the supersets of $A_B$ are diagnoses.
Therefore for each set $A_P \supseteq A_B$ the probability that the
constraints in $SD_{A_P}$ can account for the lack of conflict during the
computation of $\mu_A$ is:

$$P(A_P \text{ is a diagnosis} \mid \mathcal{A}_A \wedge \mu_A = 1) = \frac{|(\mathcal{A}_A)^c \cap SD_{A_P}|}{|(\mathcal{A}_A)^c|} \qquad (4)$$

Assuming that faults are equally likely to be anywhere in
$(\mathcal{A}_A)^c$, the probability that they are in $SD_{A_P}$ is given by
Equation 4, as the proportion of $(\mathcal{A}_A)^c$ that is covered by
$SD_{A_P}$. If all of, or more than, $(\mathcal{A}_A)^c$ is covered, then the
probability that the system will be consistent is 100%, by the
assumption that $\mu_A = 1.0$.

This probability is computed assuming $\mu_A = 1$, when in fact it
may well be less than one. The consistency measure describes our
ability to measure how consistent the observations are with the
constraints $\mathcal{A}_A$. The real components $A$ are either consistent or
inconsistent with observations and it is only the inability of the model
and sensors to perfectly determine which one is true that causes
$\mu_A < 1$. Therefore the consistency measure can be interpreted as a
probability that the real artifact is consistent or inconsistent and we
assume a mapping $\mathcal{P}_C(\mu_A)$ to $[0, 1]$ defined by the modeler
which represents how probable it is that the real artifact is consistent
given $\mu_A$.

For each $A_P \supseteq A_B$ we define a belief distribution
$B_{D,A_P}(x; A)$ over the states {true, false, unknown} which represents
the belief that $A_P$ is a diagnosis given only the information from
calling $TP(\cdot)$ on $A$. The distribution is defined as follows:

$$B_{D,A_P}(true; A) = P(A_P \text{ is a diagnosis} \mid \mathcal{A}_A \wedge \mu_A = 1) \cdot \mathcal{P}_C(\mu_A)$$
$$B_{D,A_P}(false; A) = (1 - P(A_P \text{ is a diagnosis} \mid \mathcal{A}_A \wedge \mu_A = 1)) \cdot \mathcal{P}_C(\mu_A)$$
$$B_{D,A_P}(unknown; A) = 1 - \mathcal{P}_C(\mu_A) \qquad (5)$$

Equation 5 takes the probability that a set is a diagnosis given
$\mathcal{A}_A$ and that the measure is consistent, and then scales this
probability by the certainty that the call to $TP(\cdot)$ returned consistent.
This distribution is now combined with the current beliefs using Bayes’
Theorem and the Total Probability Theorem.


Let $F$ be the set {true, false, unknown}. Then the current belief
distribution, $B_{D,A_P}(x)$, is updated by the evidence $B_{D,A_P}(x; A)$
to the new belief distribution $B^+_{D,A_P}(x)$:

$$B^+_{D,A_P}(x) = \sum_{f_1, f_2 \in F} P(B^+_{D,A_P}(x) \mid B_{D,A_P}(f_1) = 1 \wedge B_{D,A_P}(f_2; A) = 1) \cdot B_{D,A_P}(f_1) \cdot B_{D,A_P}(f_2; A) \qquad (6)$$

The probabilities
$P(B^+_{D,A_P}(x) \mid B_{D,A_P}(f_1) = 1 \wedge B_{D,A_P}(f_2; A) = 1)$
in Equation 6 can be represented by a conditional probability table as
shown in Table 1. The first two columns represent $f_1$ and $f_2$
respectively and the last three represent $x$. The values in Table 1 are
chosen such that if the current belief is very certain, as defined by the
weight of the unknown state, then a new distribution which is very
uncertain, will not strongly influence the belief, and vice versa. If the
new evidence agrees with our current belief, then this belief is
strengthened, and if it does not then it is weakened.

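Table 1. Conditional Probability Table used to update $B_{D,A_P}(x)$ given
$B_{D,A_P}(x; A)$

$P(B^+_{D,A_P}(x) \mid B_{D,A_P}(f_1) = 1 \wedge B_{D,A_P}(f_2; A) = 1)$

| $f_1$   | $f_2$   | x = True | x = False | x = Unknown |
|---------|---------|----------|-----------|-------------|
| True    | True    | 1.0      | 0.0       | 0.0         |
| True    | False   | 0.5      | 0.5       | 0.0         |
| True    | Unknown | 1.0      | 0.0       | 0.0         |
| False   | True    | 0.5      | 0.5       | 0.0         |
| False   | False   | 0.0      | 1.0       | 0.0         |
| False   | Unknown | 0.0      | 1.0       | 0.0         |
| Unknown | True    | 1.0      | 0.0       | 0.0         |
| Unknown | False   | 0.0      | 1.0       | 0.0         |
| Unknown | Unknown | 0.0      | 0.0       | 1.0         |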

2.1.2 Update belief in inverse conflict

To update the beliefs $B_{IC,A}(x)$, much the same procedure is followed
as in the case where the system is consistent, only now the evidence
suggests that the considered sets are inverse conflicts rather than
diagnoses. As before, the first step is to locate the set $A_B$, but now it
is the base set of $(\mathcal{A}_A)^c$ ($A_B = \{7, 8, 9\}$ in Figure 2).
$(A_B)^c$ is the largest set of components such that all of $(SD_{A_B})^c$
was used to compute $\mu_A$ and we again assume that
$|(SD_{A_B})^c| \gg |\mathcal{A}_A \setminus (SD_{A_B})^c|$.
The evidence provided by $\mu_A$ suggests that some of the constraints in
$(SD_{A_B})^c$ have been violated. Since adding constraints will not take
away the fact that some of these have not been met, every superset
of $(SD_{A_B})^c$ also contains broken constraints indicating that every
subset, $A_C$, of $A_B$ is an inverse conflict. As before, the probability
that the set $A_C$ is an inverse conflict is:

$$P(A_C \text{ is an inverse conflict} \mid \mathcal{A}_A \wedge \mu_A = 0) = \frac{|\mathcal{A}_A \cap (SD_{A_C})^c|}{|\mathcal{A}_A|}$$

We assume a mapping $\mathcal{P}_{IC}(\mu_A) \in [0, 1]$, defined by the
modeler, which represents the probability that the real artifact is
inconsistent given $\mu_A$. This mapping is then used to compute a
distribution, $B_{IC,A_C}(x; A)$, over the states {true, false, unknown}
which represents the belief that the set $A_C$ is an inverse conflict given
only the information from calling $TP(\cdot)$ on $A$.

$$B_{IC,A_C}(true; A) = P(A_C \text{ is an inverse conflict} \mid \mathcal{A}_A \wedge \mu_A = 0) \cdot \mathcal{P}_{IC}(\mu_A)$$
$$B_{IC,A_C}(false; A) = (1 - P(A_C \text{ is an inverse conflict} \mid \mathcal{A}_A \wedge \mu_A = 0)) \cdot \mathcal{P}_{IC}(\mu_A)$$
$$B_{IC,A_C}(unknown; A) = 1 - \mathcal{P}_{IC}(\mu_A)$$

This belief distribution is incorporated into our current belief
$B_{IC,A_C}(x)$ in the same manner as discussed in the previous section.
The total probability theorem is again used as in Equation 6
to compute the new belief distribution $B^+_{IC,A_C}(x)$ from the old one
$B_{IC,A_C}(x)$ and the new evidence $B_{IC,A_C}(x; A)$ using the
conditional probabilities in Table 1.

The new evidence provided by the call to $TP((SD_A)^c, OBS)$ has
now been incorporated into the belief distributions $B_{IC,A}(x)$ and
$B_{D,A}(x)$ for all subsets $A$ of COMPS. The next section looks at
how to use these belief distributions to choose the next component to
pass to $TP(\cdot)$.
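
The belief update of Sections 2.1.1 and 2.1.2 (Definition 3, Equations 4 to 6 and Table 1), as an added Python example that is not code from the paper. The nine-component system, the use of a plain constraint count for the cardinality $|X|$, the identity mapping standing in for $\mathcal{P}_C$, and all function names are assumptions made for illustration.

```python
from itertools import combinations, product

STATES = ("true", "false", "unknown")
UNKNOWN = (0.0, 0.0, 1.0)  # initial belief: 100% unknown

# Table 1, keyed by (current state f1, evidence state f2); each value holds
# the probabilities of the updated belief being (true, false, unknown).
TABLE1 = {
    ("true", "true"): (1.0, 0.0, 0.0),
    ("true", "false"): (0.5, 0.5, 0.0),
    ("true", "unknown"): (1.0, 0.0, 0.0),
    ("false", "true"): (0.5, 0.5, 0.0),
    ("false", "false"): (0.0, 1.0, 0.0),
    ("false", "unknown"): (0.0, 1.0, 0.0),
    ("unknown", "true"): (1.0, 0.0, 0.0),
    ("unknown", "false"): (0.0, 1.0, 0.0),
    ("unknown", "unknown"): (0.0, 0.0, 1.0),
}


def combine(current, evidence):
    """Equation 6: sum over all (f1, f2) of CPT * current(f1) * evidence(f2)."""
    new = [0.0, 0.0, 0.0]
    for (i, f1), (j, f2) in product(enumerate(STATES), repeat=2):
        for k in range(3):
            new[k] += TABLE1[(f1, f2)][k] * current[i] * evidence[j]
    return tuple(new)


def sd(components, sd_by_comp):
    """SD_A: union of the constraints owned by the components in A."""
    return set().union(*(sd_by_comp[c] for c in components))


def base_set(used, sd_by_comp):
    """Definition 3: every component with none of its constraints in 'used'."""
    return frozenset(c for c, cons in sd_by_comp.items() if not cons & used)


def p_diagnosis(a_p, used, sd_by_comp):
    """Equation 4: share of the unused constraints that SD_{A_P} covers."""
    unused = sd(sd_by_comp, sd_by_comp) - used
    if not unused:  # nothing was left out, so nothing remains to explain
        return 1.0
    return len(unused & sd(a_p, sd_by_comp)) / len(unused)


def p_inverse_conflict(a_c, used, sd_by_comp):
    """Section 2.1.2: share of the used constraints lying in (SD_{A_C})^c."""
    return len(used - sd(a_c, sd_by_comp)) / len(used)


def evidence(p, certainty):
    """Equation 5 and its inverse-conflict twin: scale p by the certainty."""
    return (p * certainty, (1.0 - p) * certainty, 1.0 - certainty)


def update_diagnosis_beliefs(beliefs, mu, used, sd_by_comp, p_c=lambda m: m):
    """Fold one TP result into B_D of every superset A_P of the base set."""
    a_b = base_set(used, sd_by_comp)
    rest = sorted(set(sd_by_comp) - a_b)
    for r in range(len(rest) + 1):
        for extra in combinations(rest, r):
            a_p = a_b | frozenset(extra)
            ev = evidence(p_diagnosis(a_p, used, sd_by_comp), p_c(mu))
            beliefs[a_p] = combine(beliefs.get(a_p, UNKNOWN), ev)
    return a_b


# Constructed system: nine components, four constraints each, |X| = count.
SD_BY_COMP = {c: {(c, k) for k in range(4)} for c in range(1, 10)}
# Constructed TP result: 7-9 fully used, 5 and 6 partly used, 1-4 unused.
USED = sd({7, 8, 9}, SD_BY_COMP) | {(c, k) for c in (5, 6) for k in range(3)}

if __name__ == "__main__":
    beliefs = {}
    a_b = update_diagnosis_beliefs(beliefs, 0.9, USED, SD_BY_COMP)
    print(sorted(a_b), beliefs[a_b])
```

With a consistency measure of 0.9 the base set {1, 2, 3, 4} covers 16 of the 18 unused constraints, so its belief moves from fully unknown to (0.8, 0.1, 0.1), and the supersets that also cover the leftover constraints of components 5 and 6 receive more of the true mass.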

2.2 Next best set

The order in which the subsets of COMPS are tested is crucial to
the speed at which the algorithm will find the diagnoses. There are,
however, several choices which will produce varying results and so
the choice depends largely on knowledge of the system. The following
properties can be taken into account when developing a heuristic
search strategy:

• Failure rates: choose sets of components with a history of failure

• Expected knowledge gain: choose sets of components which are
  expected to reduce the unknown portions of the belief distributions
  the most (i.e. $B_{D,A}(unknown)$ and $B_{IC,A}(unknown)$). See [5]
  for a derivation.

• Current belief: choose the supersets and subsets of the set
  currently most likely to be a minimal diagnosis to isolate a single
  diagnosis as quickly as possible.

• Principle of Parsimony: choose the sets with the fewest
  components as they are more likely to be diagnoses.

• Execution time: choose the sets with the most components, as
  $TP(\cdot)$ will likely take less time to evaluate systems with fewer
  constraints.

2.3 Stop conditions

The certainties in the potential diagnoses returned by the PGDE
increase monotonically with each iteration [5]. Thus, the maximum
certainties are achieved when all subsets of $P(COMPS)$ have been
passed to $TP(\cdot)$ for testing. Since this is likely to take too long, a
decision needs to be made about when to stop. As it is when choosing
a search algorithm, this decision is mostly heuristic and entirely up
to the modeler. Some examples of criteria are listed here:

• A time limit has been reached

• The sum of all of the subsets of $P(COMPS)$’s knowledge has
  risen above some limit

• The knowledge gained per call to $TP(\cdot)$ has fallen below some
  level

• A percentage of the subsets of COMPS have been tested

• At least one minimal diagnosis has been found with some
  minimum certainty

2.4 Most likely minimal diagnoses

A minimal diagnosis is a diagnosis such that no proper subset of it is
also a diagnosis. They are of interest as the Principle of Parsimony
[7] states that the diagnoses with the fewest components are the most
likely. The minimal diagnoses will have the properties that all of their
supersets will be diagnoses and all of their proper subsets will be
inverse conflicts. The goal is to determine which sets are most likely
to have these properties given the belief distributions $B_{IC,A}(x)$ and
$B_{D,A}(x)$.

2.4.1 Combining $B_D(x)$ and $B_{IC}(x)$

The two belief distributions $B_D(x)$ and $B_{IC}(x)$ have been kept
separate, as they represent different types of information. In order to
compute the most likely minimal diagnoses, all of the information needs
to be taken into account and as a result they need to be combined.
This is done using the conditional probability table shown as
Table 2 to compute the combined belief distribution $D(x)$. $D_A(true)$
represents the probability that $A$ is a diagnosis, while $D_A(false)$
represents the probability that it is not. Note that this is different
from $B_{D,A}(false)$ as $B_{D,A}(false)$ represents the belief that the
evidence does not show that $A$ is a diagnosis, whereas $D_A(false)$
represents the belief that the evidence does show that $A$ is not a
diagnosis. $D_A(unknown)$ represents the belief that we don't know
what the evidence shows. The values in Table 2 are chosen such
that if $B_{D,A}(x)$ and $B_{IC,A}(x)$ agree that $A$ is a diagnosis and not
an inverse conflict then $D_A(true) = 1$. However, if they do not
agree, then we are confused about what the evidence has shown and
$D_A(unknown) = 1$. If neither $B_{D,A}(x)$ nor $B_{IC,A}(x)$ have any
information then $D_A(unknown) = 1$.


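Table 2. Conditional Probability Table used to combine $B_D(x)$ and
$B_{IC}(x)$ into $D(x)$

$P(D_A(x) \mid B_{D,A}(f_1) = 1 \wedge B_{IC,A}(f_2) = 1)$

| $f_1$   | $f_2$   | x = True | x = False | x = Unknown |
|---------|---------|----------|-----------|-------------|
| True    | True    | 0.0      | 0.0       | 1.0         |
| True    | False   | 1.0      | 0.0       | 0.0         |
| True    | Unknown | 1.0      | 0.0       | 0.0         |
| False   | True    | 0.0      | 1.0       | 0.0         |
| False   | False   | 0.0      | 0.0       | 1.0         |
| False   | Unknown | 0.0      | 0.0       | 1.0         |
| Unknown | True    | 0.0      | 1.0       | 0.0         |
| Unknown | False   | 0.0      | 0.0       | 1.0         |
| Unknown | Unknown | 0.0      | 0.0       | 1.0         |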

2.4.2 Finding the minimal diagnoses

Definition 7 below defines a distribution $DM_A(x)$ for each
$A \in P(COMPS)$ which represents the belief that the set $A$ has the
properties of a minimal diagnosis.

Definition 7 Let $A \in P(COMPS)$.

Let $A_{C_i} \subset A$, $i = 1, \ldots, m$, $\forall i \neq j\ A_{C_i} \neq A_{C_j}$.

Let $A_{P_i} \supset A$, $i = 1, \ldots, n$, $\forall i \neq j\ A_{P_i} \neq A_{P_j}$.

Define the distribution $\neg D(x)$ such that:

$\neg D(true) = D(false)$

$\neg D(false) = D(true)$

$\neg D(unknown) = D(unknown)$

Define the operator $\oplus$ such that $A \oplus B$ equals the result of
combining $A$ and $B$ using the conditional probability table 3, then:

$$DM_A(x) = D_A(x) \oplus D_{A_{P_1}}(x) \oplus \ldots \oplus D_{A_{P_n}}(x) \oplus \neg D_{A_{C_1}}(x) \oplus \ldots \oplus \neg D_{A_{C_m}}(x)$$

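Table 3. Conditional Probability Table used to compute $C = A \oplus B$

$P(C(x) \mid A(f_1) = 1 \wedge B(f_2) = 1)$

| $f_1$   | $f_2$   | x = True | x = False | x = Unknown |
|---------|---------|----------|-----------|-------------|
| True    | True    | 1.0      | 0.0       | 0.0         |
| True    | False   | 0.0      | 1.0       | 0.0         |
| True    | Unknown | 1.0      | 0.0       | 0.0         |
| False   | True    | 0.0      | 1.0       | 0.0         |
| False   | False   | 0.0      | 1.0       | 0.0         |
| False   | Unknown | 0.0      | 1.0       | 0.0         |
| Unknown | True    | 0.0      | 0.0       | 1.0         |
| Unknown | False   | 0.0      | 0.0       | 1.0         |
| Unknown | Unknown | 0.0      | 0.0       | 1.0         |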

The result is that $DM_A(x)$ is true for sets which have all
properties that a minimal diagnosis should have and false or unknown for
all other sets. Because $DM(x)$ is a continuous distribution over the
states {true, false, unknown}, a function is needed which allows
the possible diagnoses to be returned to the diagnostician in order
from most likely to least, along with a measure of the algorithm’s
certainty in the result. The following sorting function is suggested as
a good balance between certainty in the result and the belief that the
set is a minimal diagnosis:

$$DM_A(true) \cdot (1 - DM_A(unknown)) \qquad (8)$$

Minimal diagnoses can now be returned to the diagnostician in
order from the one with the largest value for Equation 8 to the
smallest. The probability that a set is a minimal diagnosis is equal to
$DM_A(true) / (1 - DM_A(unknown))$ and the certainty in the result
defined by $1 - DM_A(unknown)$.
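
Sections 2.4.1 and 2.4.2 as an added Python example that is not code from the paper: it combines $B_D$ and $B_{IC}$ through Table 2, folds Definition 7 through Table 3 and ranks the sets by Equation 8. The three-component belief values are constructed, the left-to-right evaluation of the combination operator is an assumption, and the function names are hypothetical.

```python
from itertools import product

STATES = ("true", "false", "unknown")


def dist(t, f):
    """Distribution over {true, false, unknown}; the remainder is unknown."""
    return {"true": t, "false": f, "unknown": 1.0 - t - f}


def table(rows):
    """Map each (f1, f2) pair, in the tables' row order, to its outcome."""
    return dict(zip(product(STATES, repeat=2), rows.split()))


# Tables 2 and 3 hold only 0.0/1.0 entries, so each row is a single outcome.
TABLE2 = table("unknown true true false unknown unknown false unknown unknown")
TABLE3 = table("true false true false false false unknown unknown unknown")


def combine(a, b, tbl):
    """Total-probability combination of two distributions through a table."""
    out = dict.fromkeys(STATES, 0.0)
    for f1, f2 in product(STATES, repeat=2):
        out[tbl[(f1, f2)]] += a[f1] * b[f2]
    return out


def negate(d):
    """Definition 7: swap the true and false masses, keep unknown."""
    return {"true": d["false"], "false": d["true"], "unknown": d["unknown"]}


def minimal_diagnosis_beliefs(b_d, b_ic):
    """Return DM_A for every set A present in b_d (Definition 7)."""
    d = {a: combine(b_d[a], b_ic[a], TABLE2) for a in b_d}  # Table 2
    dm = {}
    for a in d:
        acc = d[a]
        for sup in (s for s in d if s > a):    # proper supersets of A
            acc = combine(acc, d[sup], TABLE3)
        for sub in (s for s in d if s < a):    # proper subsets of A
            acc = combine(acc, negate(d[sub]), TABLE3)
        dm[a] = acc
    return dm


def rank(dm):
    """Equation 8: sort by DM(true) * (1 - DM(unknown)), largest first."""
    scored = [(a, v["true"] * (1.0 - v["unknown"])) for a, v in dm.items()]
    return sorted(scored, key=lambda item: (-item[1], sorted(item[0])))


# Constructed beliefs for COMPS = {1, 2, 3} in which component 2 is at fault.
fs = frozenset
U = dist(0.0, 0.0)
B_D = {fs(): U, fs({1}): U, fs({3}): U, fs({1, 3}): U,
       fs({2}): dist(0.9, 0.0), fs({1, 2}): dist(0.9, 0.0),
       fs({2, 3}): dist(0.9, 0.0), fs({1, 2, 3}): dist(1.0, 0.0)}
B_IC = {fs(): dist(0.9, 0.0), fs({1}): dist(0.8, 0.0), fs({3}): dist(0.8, 0.0),
        fs({1, 3}): dist(0.6, 0.0), fs({2}): dist(0.0, 0.7),
        fs({1, 2}): U, fs({2, 3}): U, fs({1, 2, 3}): U}

if __name__ == "__main__":
    for comps, score in rank(minimal_diagnosis_beliefs(B_D, B_IC)):
        print(sorted(comps), round(score, 4))
```

The supersets {1, 2} and {2, 3} are believed to be diagnoses just as strongly as {2}, but the negated belief in their subset {2} moves most of their true mass to false, so only {2} keeps a high Equation 8 score.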

2.5 Complexity considerations

Calling $TP(\cdot)$ on every subset of COMPS is an exponential
undertaking. If the PGDE is run so that the maximum certainty is achieved
in the result, every subset of COMPS would need to be tested and
the algorithm would indeed be exponential in time. However, a
trade-off can be made between certainty and execution time by using some
of the criteria listed in Section 2.3.

Maintaining the distributions $B_D(x)$ and $B_{IC}(x)$ is exponential in
space if the entire set $P(COMPS)$ is considered. However, for
example, we assume that the likelihood of 40 components failing
simultaneously in a system of 50 components is negligible. Therefore, the
algorithm does not require that the distributions $B_D(x)$ and $B_{IC}(x)$
cover all of $P(COMPS)$, but only up to the level where a reasonable
number of simultaneous faults are considered.

As seen in Figure 1 there are four steps to the algorithm which are
performed in an iterative fashion: choose next set, call $TP(\cdot)$, interpret
the results and update the beliefs $B_D(x)$ and $B_{IC}(x)$. This algorithm
is primarily intended for the diagnosis of complex dynamic systems
for which $TP(\cdot)$ will require a period of simulation in order to test for
consistency and so it is assumed that this call will take a significant
period of time. Computing the next set to test can be a function of
$P(COMPS)$, but it is assumed that the $TP(\cdot)$ will take the majority
of the time. Both the interpretation of the results and the updating
of the belief states involve only the supersets and/or subsets of the
set under test, which is a relatively small number when compared to
the size of $P(COMPS)$. The final two steps of the algorithm do
involve the entire set $P(COMPS)$, but as they are not part of the
iterative procedure, their effect on the speed of the algorithm is not
significant.

3 DIAGNOSIS OF A HYDRAULIC CIRCUIT

Figure 4 shows a schematic for a single degree of freedom hydraulic
manipulator used to test the algorithm presented in this paper. The
model is made of eight components as seen in Figure 3: the head-side
port of the main valve, the rod-side port of the main valve, the
cylinder, the manipulator, the rod-side anti-cavitation valve, the head-side
anti-cavitation valve, the exit filter and the check valve. The behavior
of the components is described by sets of hybrid dynamic equations
which can be found in [6] and [5].

The function $TP((SD_\Delta)_C, OBS)$ was implemented using a modified
version of Hybrid Concurrent Constraint programming, or hcc [3]. The set
of hybrid dynamic equations $(SD_\Delta)_C$ is passed to the modified
hcc, along with OBS, which are the time sequences of the sensor values.
The system made of $(SD_\Delta)_C$ and OBS will likely be
over-constrained and the resulting simulation will contain several
discrepancies between measured and simulated values. These residuals
(simulated outputs less measured) will also be time sequences which can
be compared to a set of residuals recorded during normal operation to
generate a consistency measure, $\mu_\Delta$. During the experiments,
the system was set up in a position control loop with a sinusoidal input
signal at a frequency of 0.25 Hz. A period of six seconds is recorded,
encompassing a single extension and retraction of the manipulator arm.
Six experiments were run, each with the arm under a different failure
condition which is common in a system such as this [6, 9]. The failures
were caused by manual adjustment of the three valves and one friction
plate shown in Figure 4. The faults are assumed to be permanent and to
have occurred before the measurements are taken. At each iteration the
set to be passed to TP(·) is selected to maximize the expected decrease
in $U = \sum_{\Delta \in P(COMPS)} B_{C,\Delta}(unknown) + B_{D,\Delta}(unknown)$
and the algorithm is stopped when the change in U is less than 1% for
more than 10 iterations.
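The residual comparison and the stopping rule described above, as an added Python example that is not code from the paper or from hcc. The consistency formula (an RMS ratio against normal-operation residuals), the reading of "change in U" as a relative change, and all signal values are assumptions constructed for illustration.

```python
import math

def rms(seq):
    return math.sqrt(sum(x * x for x in seq) / len(seq))

def residuals(simulated, measured):
    # As defined in the text: simulated outputs less measured.
    return [s - m for s, m in zip(simulated, measured)]

def consistency(res, nominal_res):
    # ASSUMPTION: 1.0 while the residual RMS is within the level recorded in
    # normal operation, falling off as 1/ratio above it.
    ratio = rms(res) / rms(nominal_res)
    return 1.0 if ratio <= 1.0 else 1.0 / ratio

def should_stop(u_history, rel_tol=0.01, patience=10):
    # ASSUMPTION: "change in U" is read as relative change between iterations.
    quiet = 0  # length of the current run of small changes
    for prev, cur in zip(u_history, u_history[1:]):
        change = abs(cur - prev) / abs(prev) if prev else abs(cur)
        quiet = quiet + 1 if change < rel_tol else 0
    return quiet > patience  # "more than 10 iterations"

def demo():
    # Constructed data: 0.25 Hz sinusoid sampled at 100 Hz for six seconds.
    t = [i * 0.01 for i in range(600)]
    simulated = [math.sin(2 * math.pi * 0.25 * x) for x in t]
    noise = [0.01 * math.sin(37.0 * x) for x in t]        # stand-in sensor noise
    nominal_res = [0.01 * math.sin(41.0 * x) for x in t]  # "normal operation" residuals
    healthy = [s - n for s, n in zip(simulated, noise)]
    faulty = [0.8 * s - n for s, n in zip(simulated, noise)]  # 20% amplitude loss
    mu_ok = consistency(residuals(simulated, healthy), nominal_res)
    mu_bad = consistency(residuals(simulated, faulty), nominal_res)
    return mu_ok, mu_bad

if __name__ == "__main__":
    mu_ok, mu_bad = demo()
    print(f"consistent candidate:   {mu_ok:.3f}")
    print(f"inconsistent candidate: {mu_bad:.3f}")
    u = [10.0, 8.0, 6.0] + [6.0] * 11  # constructed U trace
    print("stop:", should_stop(u))
```
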

The six failures and the results of fault isolation using the PGDE are
as follows. On average, 99.90% of the time taken is spent in simulation
during the calls to TP(·), while only 0.10% is required for the PGDE
calculations. For details refer to [5].

• Leak in the hose connecting the valve to the head-side of the cylinder.

This failure was correctly isolated in all 10 sample runs taking an
average of 54.5 seconds.

• Leak in the hose connecting the valve to the rod-side of the cylinder.

This failure was correctly isolated in all 10 sample runs taking an
average of 53.1 seconds.

Figure 3. Component model of the hydraulic test bench

• Partially clogged return filter.

For two of the five tests run, the filter was returned as the most
likely diagnosis, with the rod-side port of the main valve and the
rod-side anti-cavitation valves together forming a close second. In the
remaining three tests the filter was not returned as a diagnosis by
itself, but five diagnoses containing the filter and another component
were returned as all being very likely. The average calculation time was
167 seconds.

• Increased friction in manipulator bearing.

For two of the five tests run, the manipulator was returned as the only
likely diagnosis with very high certainty (96%, 100%). In two more of
the tests it was returned as one-half of a double fault and in the fifth
test the algorithm did not get the correct solution. These calculations
took on average 82 seconds to complete.

• Leaks in both hoses connecting the valve to the cylinder.

In all five tests the four double faults: {rod-side anti-cavitation
valve, head-side anti-cavitation valve}, {rod-side anti-cavitation
valve, head-side port}, {head-side anti-cavitation valve, rod-side port}
and {head-side port, rod-side port} were returned as being equally
likely with a high degree of certainty (~85%). For this situation, these
are the correct diagnoses as one component on the rod-side and one on
the head-side that can account for the leaks is needed to explain this
failure. The average calculation time was 140 seconds.

• Partially clogged return filter and a leak in the head-side hose.

In all five tests the algorithm returned the head-side anti-cavitation
valve or port as the only explanation. The filter causes a much smaller
effect on the system and so it is difficult to recognize it as faulty
when other components are misbehaving. The average calculation time was
61 seconds.


4 CONCLUSIONS 

This paper has presented a novel approach to consistency-based diagnosis
which allows for the use of any modelling language. The use of
continuous distributions representing the belief that each set of
components is a diagnosis allows the determination of consistency or
inconsistency to be delayed until supporting evidence has been collected
and for noise in the simulator, TP(·), to be handled. The demonstration
of this algorithm on a non-trivial physical test bench shows that it can
be applied effectively to isolate realistic faults in real artifacts.

ACKNOWLEDGEMENTS 

The first author would like to thank the Natural Sciences and
Engineering Research Council (NSERC) of Canada for partial funding of
this work.

REFERENCES 

[1] B. Pulido, C. Alonso, C. Llamas, and F. Acebes, ‘Consistency-based
diagnosis using possible conflicts’, in Proc. of the twelfth Workshop on
Principles of Diagnosis, (2001).

[2] B. Pulido, F. Acebes, and C. Alonso, ‘Exploiting knowledge about
structure and behaviour in consistency-based diagnosis with fault modes
in dynamic systems’, in Proc. of the Ninth Intl. Workshop on Principles
of Diagnosis, (1998).

[3] V. Gupta, R. Jagadeesan, V. Saraswat, and D. Bobrow, ‘Computing with
continuous change’, Science of Computer Programming, (1997).

[4] W.C. Hamscher and R. Davis, ‘Diagnosing circuits with state: An
inherently underconstrained problem’, in Proceedings of the 4th National
Conference on Artificial Intelligence, (1984).

[5] Colin N. Jones, Consistency-Based Fault Isolation for Hybrid Dynamic
Models, Master’s thesis, The University of British Columbia, August
2001.

[6] Masoud Khoshzaban-Zavarehi, On-Line Condition Monitoring and Fault
Diagnosis in Hydraulic System Components using Parameter Estimation and
Pattern Classification, Ph.D. dissertation, University of British
Columbia, 1997.

[7] Raymond Reiter, ‘A theory of diagnosis from first principles’,
Artificial Intelligence, 32(1), 57-96, (1987).

[8] S. Narasimhan, F. Zhao, G. Biswas, and E. Hung, ‘Fault isolation in
hybrid systems combining model based diagnosis and signal processing’,
in Proc. of the Intl. Workshop on Hybrid Systems, (2000).

[9] Xiaodan Sun, Real-Time Performance Monitoring and Fault Diagnosis of
Hydraulic Manipulators, Master’s thesis, The University of British
Columbia, March 1995.

[10] Andrew Watkins, Consistency-Based Diagnosis Using Dynamic Models,
Master’s thesis, The University of British Columbia, 1999.


